Corel pop up and connection not blocked by ZAFree

Hello ZoneAlarm,

I have a Corel Video Studio installed on a Windows 7 PC along with ZoneAlarm. It's a legitimate copy and I use it regularly. It is, however, constantly phoning home and bombarding me with offers which I find annoying considering it is paid for software. e.g. "Holiday Gifting Made Easy - Pick your gift for your special photographer....." Buy Corel PaintShop Pro etc.

So, I banned "Corel VideoStudio Pro" from accessing the net and "Corel VideoStudio Screen Capture". In fact pretty much everything in my Application Control Settings is banned unless it has a legitimate reason for accessing the net - why should I waste bandwidth to look at an advert for software I have already paid for or don't want? The only programs that can access the net are Firefox and various updaters (yes I have checked very thoroughly that there is no other sneaky named software doing this).

So, imagine my surprise when I suddenly find that I am presented with another advert from Corel. How on earth did it manage this - it's banned from accessing the net!!!!!?????

Well it turns out that it is using the "Host Process for Windows Services" in order to gain access and it is completely bypassing the firewall application controls.

If I ban "Host Process for Windows Services" from accessing the net then Firefox stops working so I can't stop this relentless bombardment from Corel.

BIG QUESTION: If Corel can do this then so can any program installed on my PC - what is the point of Application Control if all the software has to do is access the net via Host Process for Windows Services?????

And before anybody asks - yes it is all practically red crosses for all the programs running. Most secure but creates the most alerts is set. DefenseNet is set to manual. I have even turned off the Microsoft Catalog Utilization.

Could someone explain why this giant sized backdoor seems to be present in ZoneAlarm? More to the point what are you going to do about it?

Re: Corel pop up and connection not blocked by ZAFree

Exact version of ZA used? (right click the ZA icon near the clock --> about --> copy to clipboard --> paste it here). What are the advance setting in ZA under application control? Is application interaction control active? Is advance settings been turned on? Under the "options" for that program in ZA application control what did you have ticked? Do you see any information about allowing a component to use another component of your system?

Finally have you removed the entry in application control and let it re-create by ZA?

If that Corel software is legit, did you contact support on how disable the ads? If you don't like what a software do then it should not be there in the first place.

Advanced Settings:
Application Control - Microsoft Catalog Utilization switched off
OS Firewall is ticked on
View Programs - Smart Defense All set to custom. All inbound trusted and internet set to deny. Almost all Outbound trusted and internet set to deny with the exception of browser and updaters (Apple, Avast, Flash etc.)

So Corel Video Studio is definitely using Host Process for Windows Services to bypass the program controls.

Originally Posted by fax

Finally have you removed the entry in application control and let it re-create by ZA?
fax

Makes no difference as it reappears again and I set it back to custom defense and allow the outbound trusted and internet and block the inbound trusted and internet (otherwise Firefox stops working)

Originally Posted by fax

If that Corel software is legit, did you contact support on how disable the ads?
fax

Yes I can contact Corel - considering it can still access the internet I'm sure they would have shut it down if it wasn't legit. You are, however, missing the point. If Corel Video Studio can slip on a mask and access the internet via Host Process for Windows Services then so can ANY program on my PC - so what's the point of having Application Control Settings. I may as well just make do with the Windows 7 firewall.

Originally Posted by fax

If you don't like what a software do then it should not be there in the first place.
fax

Do you mean Corel Video Studio which I use for work or do you mean ZoneAlarm which seems to have a massive security hole problem?

Re: Corel pop up and connection not blocked by ZAFree

uuuhm, as I am not using ZAfree it looks like ZAfree don't have the controls of ZA retail products as you seems not mentioning them. E.g. Advance application control, application interaction control, component control, etc. Also for each program in ZA application control your should have "options" (not just the ticks you mention but a separate windows with additional entries).

Do you see anything of this? If not, I am afraid what you ask cannot be done with ZAfree.

I meant contacting Corel as there may be just an easier way to block pop-ups than messing up with ZA or choose another program that does not spam users with commercials

Re: Corel pop up and connection not blocked by ZAFree

Originally Posted by fax

uuuhm, as I am not using ZAfree it looks like ZAfree don't have the controls of ZA retail products as you seems not mentioning them. E.g. Advance application control, application interaction control, component control, etc. Also for each program in ZA application control your should have "options" (not just the ticks you mention but a separate windows with additional entries).

Do you see anything of this? If not, I am afraid what you ask cannot be done with ZAfree.

I meant contacting Corel as there may be just an easier way to block pop-ups than messing up with ZA or choose another program that does not spam users with commercials

Thanks,
Fax

I'm not sure if the two versions are different, but perhaps you could try this with the commercial version of ZoneAlarm:

Then turn all the application controls in ZoneAlarm to inbound and outbound for Corel Videostudio to deny and then see if it can access the internet (You can test it by clicking the orange icon "Help and Product Information" top right as this accesses Youtube to show the latest information about Corel products or close Corel and wait for the pop up advert - I would imagine the demo will be worse than the paid for version).

Certainly on the free version of ZoneAlarm it bypasses Application control by using "Host Process for Windows Services"

There is absolutely no point in setting any of these values in ZoneAlarm if the application controls can be bypassed.....

Re: Corel pop up and connection not blocked by ZAFree

You can configure ZA to block this sort of thing, if you are concerned about it, but ZA becomes extremely noisy…(lots of constant popup messages)

But people that want that level of security are OK with a lot of popups.

As Guru Fax has already pointed out in a previous reply, these advanced features are only available in the paid versions of ZA.
(Advance application control, application interaction control, component control)

Also note that the componant in the application your trying to block from using this process can react in unknown and bad ways. It could lead to lockups, crashes and data losts from this application so if you do purchase a paid ZA product and block the process beware of what might happen and there nothing ZA can do about it since its how Corel programmed there application.